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TITLE: System and Method for Peer-to-Peer Connection of Clients behind Symmetric Firewalls 

INVENTORS: William L. Gaddy; Chang Feng; Timothy Michael Hingston; Chidambaram 
Ramanathan 

FIELD OF THE INVENTION 
[0001] The present invention relates to systems and methods of peer-to-peer 

communication and particularly to systems and methods of establishing direct Internet Protocol 
(IP) packet-based datagram communication between clients that are behind any combination of 
firewalls/Network Address Translation (NAT)s that allow outgoing Universal Data Packet 
(UDP) traffic, without port-forwarding, and without relaying or proxy services. 

BACKGROUND OF THE INVENTION 
[0002] In certain types of services over IP packet-switched networks, it is highly 

desirable to allow peer-to-peer communication between end-users. It is also highly desirable for 
any given method to allow as many as possible combinations of clients to communicate with 
each other. The lack of a successful method to accomplish this is a major reason behind the lack 
of pervasive deployment of services such as video conferencing. 

[0003] Video is characterized by large bandwidth requirements for each direction of 

communication — and it does not take many concurrent connections to overwhelm a typical 
circuit. It is therefore very desirable to avoid concentrations of this type of traffic at bottlenecks 
where physical or simple monetary constraints prevent the successful forwarding of essentially 
unlimited volumes of traffic. 

[0004] Further, it is very desirable to minimize the time and efforts of specialized 

personnel required to support a given method. Some methods present problems of cost due to 
maintenance, setup, or security concerns. 

[0005] There are several existing methods to traverse firewalls, in order to allow peer-to- 

peer modality for voice and video, including UDP Hole Punching (Internet Engineering Task 
Force (IETF) MidCom Working Group, P2PNAT (Peer-2-Peer Network Address Translation) 
Draft 2), and UPnP (Universal Plug and Play, Microsoft, et. al) but all of these have the problem 
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in that the range of firewalls and combinations thereof that support peer-to-peer connectivity 
when using them are limited. 
[0006] UPnP 

[0007] Simply stated, any client behind a suitably-configured UPnP firewall/NAT can 

5 map ports directly to the outside internet, and thereby look to any other outside client as a server 

for those ports. Most firewalls, regardless of type, are configured to allow client/server 
connections. However, the flaw of this protocol is that it has only been embraced by consumer 
device manufacturers. There are, for example, no enterprise-class firewalls with UPnP support. 
Therefore, UPnP does not solve any problems for enterprise-to-enterprise connectivity, and only 
10 works in the cases where one or both peers are behind firewalls/NATs that support it. 
[0008] UDP Hole Punching 

[0009] UDP Hole Punching is more limiting. As envisaged by the IETF MidCom 

working group, both firewalls/NAts must be of a Cone-UDP type (this is generally specific to 
low-end consumer stateless firewalls). The probabilities of actual circumstance of these cases 
1 5 are multiplicative, and unfortunately, therefore, relatively rare — especially in the enterprise-to- 

consumer and enterprise-to-enterprise cases. 
[0010] Other methods 

[001 1] If one wants to enable video communication between any two arbitrary clients 

where both are behind symmetric firewalls (generally, enterprise-to-enterprise), there are three 

20 choices, all of which either engender the aforementioned concentrations of traffic and the 

expenses accruing thereto, or that require specialized installation, configuration, and/or active 
management and monitoring by qualified personnel of proprietary proxy/relay solutions for at 
least one of the peers' internal networks. 
[0012] These three choices are: 

25 [00 1 3] 1 . To require at least one of the clients to be behind a firewall that has built-in or 

installed capability to support dynamic port-forwarding according to a common signaling and 
call origination protocol, such that said firewall can ensure that the used ports are forwarded in 
such a way that the client behind the forwarded firewall appears as a server to the client behind 
the other firewall, or; 
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[0014] 2. To require proxy/relay services located in the DMZ of one of the clients' 

firewalls, to allow communication between a peer behind the proxied firewall and one outside -- 
where, again, the client behind the proxied service looks like a server to the other client, or; 
[0015] 3. To locate a proxy/relay service behind a known single address or group of 

5 addresses that is outside of both peer's firewalls to relay the traffic, wherein both clients are 

communicating with a common server — the relay. 

[0016] The first choice is exemplified by H.323 and SIP — both are well-known 

connection and signaling protocols for establishing peer-to-peer connections over IP networks. 
They are supported by many enterprise firewalls, but not all. They also are supported by hardly 

10 any mass-market consumer hardware and software firewalls. Because these protocols use many 

and/or arbitrary TCP and UDP ports, these protocols are difficult to trace, more difficult to 
analyze and monitor, and many firewall administrators simply turn these protocol capabilities off 
in the firewalls that do have native support for it, rather than be tasked with monitoring and 
managing them. Furthermore, discoveries about security holes in the reference implementation 

15 of H.323 will undoubtedly result in this protocol being disabled by many administrators. In 

general, this method could work if there was a protocol that met the requirements for security, 
manageability, pervasiveness and adoption ~ but this is not the case with H.323 and SIP and no 
protocols are currently on the standards-track that satisfy all of the foregoing requirements. 
[001 7] The second choice has become the preferred method of managing peer-to-peer 

20 video services in the enterprise — however, the costs accruing to it are asymmetric. Since it 

requires at least one client to be behind a firewall whose administrator has provided a video relay 
service in the DMZ (and at the costs associated with it), an all-too-defensible position from an IT 
Management perspective is that if video services are so necessary between "us" and "them", why 
don't "they" absorb the cost of installing and maintaining a proxy/relay service? A common 

25 consequence is that no one ends up absorbing this expense. 

[0018] The third choice is a natural consequence of the drawbacks of the first two: there 

are presently no interoperable, standards-based solutions which require less than significant 
expense that allow any two given clients behind any two symmetric firewalls to communicate 
with each other . If one could provide a third party relay service, and absolve individual end- 

30 user firewall administrators of this task, it would vastly simplify the administrators' overall 
architecture, equalize costs among end users, and provide a common service provider point. 
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Unfortunately, the common point(s) are the root of the failure for this method to provide an cost- 
effective and scalable solution to video connectivity. In order to support such a solution for 
1 00,000 concurrent two-way video conferences, each using (conservatively) 200 kBit each way, 
a central relay service must support 40,000 MBit circuit connectivity (4000 Tl circuits). For 
5 each additional user, another 400 kBit of capability must be added. Clearly, this is prohibitively 

expensive and does not scale well at all. 

[0019] There appear to be no existing systems that can, at once, solve the stated problems 

of all of the above five methods (or combinations thereof) that prevent wide-spread adoption and 
usage by end-users, by simultaneously allowing true peer-to-peer, unproxied/unrelayed 
1 0 connections between all of the following: 

Clients behind Cone or UPnP Firewalls/NATs to clients behind same; 

Clients behind Cone or UPnP Firewalls/NAT's to clients on routable addresses; 

Clients behind Cone or UPnP Firewalls/NAT's to clients behind Symmetric 
Firewalls/NATs; and 

15 Clients behind Symmetric Firewalls/NATs to clients behind routable addresses; 

Clients behind Symmetric Firewalls/NATs to clients behind Symmetric Firewalls/NATs. 



SUMMARY OF THE INVENTION 
20 [0020] An object of the current invention is to allow peer-to-peer connectivity between 

clients, regardless of the type of firewall/NAT each is behind, whether Cone (Figure 1), Port- 
Restricted Cone (Figure 2), Symmetric (Figure 3), or any combinations thereof, without specific 
protocol support, installation of per-client server/services, or configuration of one or both clients' 
firewalls/NATs. 

25 [0021] A further object of the current invention is to allow peer-to-peer connectivity 

between multiply-NAT-ted clients, some of said NATs being symmetric in nature, under limited 
circumstances, that was otherwise impossible with any other method or combinations of 
methods. 

[0022] To achieve the first object, a method of establishing peer-to-peer connectivity 

30 between clients behind symmetric or cone firewalls/NATs must include discovering what the 

proper tuple (source/destination port, and source/destination address combination) is required to 
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allow the client's firewall to forward packets to the client. In addition, the symmetric port 
translation behavior of firewalls can be further characterized as Symmetric Second Priority PAT 
(Figure 4A), and Symmetric Pure PAT (Figure 4b). Ultimately the calling client wants to 
establish two-way communication with a called client, and to do so each much know what port 
5 was assigned to the address combination on both of the clients' NAT/PATs. The problem 

inherent with achieving this is illustrated in Figure 5. 

[0023] A first step to accomplish the first object is to obtain each client's publicly 

routable address and an example of a publicly routable, masqueraded port by contacting a 
discovery server. Since each separate destination server address (and, ultimately the called 

10 client's destination address) results in a different port mapping for Symmetric NAT/PATs, a 

second request to a second discovery server is indicated. This also simplifies the cases such as in 
Figure 4a where in a very under-utilized NAT/PAT the port address translation will give a direct 
port mapping to the first internal user of a given port, but a masqueraded port for subsequent 
address contacts. It is thus ensured that the second and subsequent addressed requests will use 

15 masqueraded ports. 

[0024] The calling client retrieves this information from the discovery servers, and sends 

the second tuple (combination of source/destination port, source/destination address) to the 
called client via a well-known, open, and agreed server, as in Figure 5. 

[0025] In response, the called client does the same for itself, and responds to the calling 

20 client with its second tuple. The called client also begins sending UDP packets to the reported 

source address and source port of the calling client. If the calling client is a Cone NAT, these 
packets will be delivered. If the calling client is behind a Symmetric NAT, they will not (as in 
Figure 5). 

[0026] In the meantime, when the calling client receives the called client's tuple, it, too 

25 will begin to send UDP packets to the called client's reported source address and source port. If 

the called client is behind a Cone NAT, these packets will be delivered. If the called client is 
behind a Symmetric NAT, they will not (as in Figure 5). 

[0027] Once a client receives an inbound packet, it knows what the proper destination 

port of its peer is, regardless of what type of firewall/NAT the other client is behind. 
30 [0028] If one of the clients happens to be behind a Cone NAT, the first few attempts at 

sending to the original destination port will succeed. When the firewall forwards the packet, the 
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client will receive it, take note of the inbound packet's source port, and will then know to send 
all traffic to that destination port. In addition, the client will send a success packet to indicate to 
the other client that it can stop sending discovery packets. Up to this stage, the process may be 
much like a normal UDP Hole Punch combined with a connection-reversal. The next part of the 
5 process departs significantly from normal UDP Hole Punch methods.. 

[0029] In the case where both clients are behind symmetric NATs, neither client will 

receive UDP packets. 

[0030] When a certain period of time has elapsed before a client has received one of 

these UDP packets, the client will begin to send its packets not to a single destination port, but to 

10 an entire range of ports ("Shotgun"). Most firewall/NATs that perform port masquerading use a 

simple algorithm (usually simple addition) to assign ports to clients sending UDP requests. A 
wide enough range will likely "find" the masqueraded port of the other peer by brute force. 
When the firewall forwards the packet, the client will receive it, take note of the inbound 
packet's source port, and will then know to send all traffic to that destination port. If both clients 

1 5 are behind symmetric firewalls, they both will send this series of UDP packets to "find" the 

active port, and both clients will discover the active destination port of their peer. Figure 6 is a 
full traffic and tuple diagram of this process, including the important firewall state table tuples at 
each point of the exchange. 

[003 1 ] The figure omits the second discovery server contact for brevity. In addition, the 

20 "Shotgun" width described in the figure is limited to the range of the original port through the 

original port plus 8. The preferred embodiment uses a much wider range ( minus 16 through 
plus 32), but the full range is not included in the figure for brevity. 

[0032] When a client gets a positive indication of an incoming packet, it sends a success 

packet response to the sender to indicate that it can stop sending discovery packets. This always 
25 succeeds, because the client sending the response now always knows what destination port to 

send to. Figure 7 depicts a flowchart of the entire protocol exchange as described. 

[0033] Subsequently, all payload is sent from a given client using this identified port. 

[0034] To achieve the second object of the invention, both clients use UPnP support, if 

available, as a first step to directly map ports, thus ensuring a connection reversal. The further 
30 ability to match source port and masqueraded destination ports offers the ability to communicate 

with symmetric firewalls that have been manually configured to not allow outgoing UDP 
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requests on the dynamic port range. Figure 8 depicts a flowchart of the entire protocol exchange 
including the UPnP steps. 

BRIEF DESCRIPTION OF THE DRAWINGS 
5 [0035] FIG. 1 shows a representation of requests and responses in a system in which a 

client is behind a Cone NAT/PAT. 

[0036] FIG. 2 shows a representation of requests and responses in a system in which a 

client is behind a Port-Restricted Cone NAT/PAT. » 
[0037] FIG. 3 shows a representation of requests and responses in a system in which a 

10 client is behind a Symmetric NAT/PAT. 

[0038] FIG. 4a shows a representation of requests and responses in a system in which a 

client is behind a second-priority masquerading NAT/PAT. 

[0039] FIG. 4b shows a representation of requests and responses in a system in which a 

client is behind a pure masquerading NAT/PAT. 
15 [0040] FIG. 5 shows a representation of the initial discovery requests and responses in a 

connection reversal failure between clients behind symmetric NAT's. 
[0041] FIG. 5b shows a representation of a connection reversal failure between clients 

behind symmetric NAT's. 

[0042] FIG. 6 shows a representation of an initial stage of a shotgun exchange between 

20 clients behind symmetric NAT/PATS's. 

[0043] FIG. 6b shows a representation of a later stage of a shotgun exchange between 

clients behind symmetric NAT/PATS's. 

[0044] FIG. 7 shows a flowchart of discovery, message exchange and the shotgun 

process. 

25 [0045] FIG. 8 shows a flowchart of discovery, message exchange and the shotgun 

process using UPnP. 

DETAILED DESCRIPTION 
30 [0046] The present invention is The preferred embodiment of the method disclosed 

comprises: 



-7- 



Attorney Docket No.:5636-104P 
Express Mail Cert. No.: EV 044 714 045 US 

[0047] 

[0048] Two or more discovery servers are situated at different addresses, each listening 

at a series of well-known UDP ports, each of which will respond to well-formed requests from 
clients with a response containing the requesting client's public address and public port; and two 
5 clients who will execute the following steps of the method, in order: 

[0049] Calling client determines if the local NAT, if present, supports UPnP 

[0050] Calling client determines if the local NAT, if present, supports UPnP client- 

activated port forwarding 

[0051] If affirmative 1 and 2, calling client attempts to map the source port to the 

1 0 destination port identically and directly across the NAT via UPnP 

[0052] The calling client retrieves its private address, private source port, public address, 

public source port, and public destination port tuple by contacting and receiving response from a 
first discovery server at a first address via a well-known source and destination port 
(DUDP START request, DUDP_PUBINFO response). 

1 5 [0053] The calling client retrieves its private address, public address, private destination 

port, and public destination port tuple by contacting and receiving response from a second 
discovery server at a second address via the same well-known source and destination port as in 1 
(DUDP_START request, DUDP_PUBINFO response). 

[0054] The calling client will sends the contents of its received second tuple plus the 

20 differential of the first discovery-reported source port and second discovery-reported source port 

to the called client via an established, mutually agreed-upon server for this purpose 
(MESSAGECONTROL) 

[0055] If the called client is not willing to receive calls from the sender, an abort is 

signaled to the sender and the process stops. 
25 [0056] If the called client is willing to receive calls from the sender, the called client 

determines if the local NAT, if present, supports UPnP 

[0057] The called client determines if the local NAT, if present, supports UPnP client- 

activated port forwarding 

[0058] If affirmative 8 and 9, the called client attempts to map the source port to the 

30 destination port identically and directly across the NAT via UPnP 
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[0059] The called client will retrieve the calling client's tuple (MESSAGECONTROL), 

and its own source address, public address, source port, and destination port tuple by contacting 
and receiving response from a first discovery server via a well-known source and destination 
port. (DUDP S TART request, DUDP_PUBINFO response) 
5 [0060] The called client will retrieve its source address, public address, source port, and 

destination port tuple by contacting and receiving response from a second discovery server at a 
second address via the same well-known source and destination port as in 1 1 . (DUDPSTART 
request, DUDP_PUBINFO response). 

[0061] The called client will send the contents of its received second tuple, plus the 

10 differential of the first discovery-reported source port and second discovery- reported source port, 

plus any desired modifications to the calling client's tuple, to the calling client via an established, 
mutually agreed-upon server for this purpose. 

[0062] The called client will then begin a periodic send of UDP packets (DUDPACK) 

to the calling client's address and source port according to the tuple reported to it by the caller's 
1 5 MESSAGE_CONTROL when in good receipt.. 

[0063] The calling client, upon good receipt of a tuple response 

(MES S AGE_CONTROL) from the called client, will then begin a periodic send of UDP packets 
(DUDP_ACK) to the called client's address and source port according to the tuple reported to it 
by the called client's MESSAGE CONTROL. 

20 [0064] If the calling client receives a DUDP ACK, it will take note of the source port 

identified in the IP header of said packet, and use it for subsequent outgoing DUDP ACK 
packets, mark this port for further payload traffic, and also send a DUDP ACK2 packet to this 
destination port. If no DUDP ACK is received within a certain period of time, a series of 
DUDP ACK packets, each with a destination port within a range beyond and contiguous to a 

25 predicted value extrapolated by the differential reported in 9, is sent periodically instead of a 

single packet to a single destination port. Subsequent, repeated transmissions of this series may 
move the port range window with each iteration. 

[0065] If the called client receives a DUDP ACK, it will take note of the source port 

identified in the IP header of said packet, and use it for subsequent outgoing DUDP ACK 
30 packets, mark this port further payload traffic, and also send a DUDP ACK2 packet to this 
destination port. If no DUDP ACK is received within a certain period of time, a series of 
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DUDP ACK packets, each with a destination port within a range beyond and contiguous to a 
predicted value extrapolated by the differential reported in 6, is sent periodically instead of a 
single packet to a single destination port. Subsequent, repeated transmissions of this series may 
move the port range window with each iteration. 

[0066] If the calling client either times out, or receives a DUDP_ACK2, it assumes that it 

has a properly marked destination port, using the reported called client's reported tuple source 
port as a destination port failover value. 

[0067] If the called client either times out, or receives a DUDP_ACK2, it assumes that it 

has a properly marked destination port, using the reported calling client's reported tuple source 
port as a destination port failover value. 

[0068] When the calling client has a properly marked destination port, it will begin to 

send payload data to this port to the called client. 

[0069] When the called client has a properly marked destination port, it will begin to 

send payload data to this port to the calling client. 

[0070] The foregoing embodiment is strictly exemplary in nature and is not to be 

construed as limiting the present invention. Many variations and modifications of the invention 
will be readily apparent to those skilled in the art. 
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ABSTRACT 

A system and method for establishing and maintaining two-way peer-to-peer internet 
communication between clients who are behind symmetric firewalls/NATs is presented. The 
method uses several third-party address-and-port discovery servers to ascertain the nature and 
5 port-mapping metrics of a given client's firewall/NAT. A systematic, multiple UDP Hole Punch 

method is employed for ports within a predicted range, and the source port of the first successful 
forwarding of an inbound packet is used by the client for subsequent outgoing traffic. This 
occurs symmetrically, thus ensuring that both clients' firewalls receive packets for which the 
source/destination ports and source/destination addresses fully-tuple-match with a previous client 
10 request originating from within the protected network, and therefore forwards packets to the 
respective clients successfully (peer-to-peer). In addition, the method allows monitoring, 
management, and prevention of connections by interested firewall/NAT administrators 
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Discovery Server 1 



NIC: 7.8.9.10 



UDP Src 22.23.24.25:8000 
Dest 7.8.9.10:8000 



NIC: 22.23.24.25 



Firewall/NAT A 



NIC: 192.168.20.1 



TF 



UDP Src 192.168.20.20:8000 
Dest 7.8.9.10:8000 



u 



NIC: 192.168.20.20 



Client A 



First request . 



Discovery Server 2 



NIC: 7.8.9.20 



UDP Src 


22.23.24.25:49169 


Dest 


7.8.9.20:8000 



NIC: 22.23.24.25 



Firewall/NAT A 



NIC: 192.168.20.1 



3_F 



UDP Src 192.168.20.20:8000 
Dest 7.8.9.20:8000 



NIC: 192.168.20.20 



Client A 



Second request. 



Discovery Server 3 



NIC: 7.8.9.40 



UDP Src 22.23.24.25:49174 
Dest 7.8.9.40:8000 



NIC: 22.23.24.25 



Firewall/NAT A 



NIC: 192.168.20.1 



UDP Src 192.168.20.20:8000 
Dest 7.8.9.40:8000 



NIC: 192.168.20.20 



Client A 



Third request. 



Figure 4a: Client behind a second-priority masqerading NAT/PAT. The first request with a given port (8000) is not 
masqueraded. The next, and subsequent requests made to different destination addresses with that port before the first 
one expires are masqueraded. 
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Discovery Server 3 



NIC: 7.8.9.40 



UDP Src 22.23.24.25:24768 
Dest 7.8.9.40:8000 
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UDP Src 192.168.20.20:8000 
Dest 7.8.9.40:8000 



NIC: 192.168.20.20 



Client A 



Third request. 



Figure 4b: Client behind a pure masqerading NAT/PAT. All requests with a given port (8000) are masqueraded. The 
masqueraded port changes for each destination address. 



Client A 



NIC: 192.168.20.20 



UDPSrc 192.168.20.20:8000 
Dest 7.8.9.10:8000 



UDPSrc 7.8.9.10:8000 
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Figure 5: Connection reversal failure between clients behind symmetric NATs (left overleaf) Shows the initial discovery 
server requests to get masqueraded ports and external routable addresses, and the exchange of same between the clients. 
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Figure 5/Connection reversal failure between clients behind symmetric NATs (right overleaf) Shows the failed attempt to 
use the-qiscovered ports to communicate directly between the clients. 
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I Calling Client sends DUDP_START packet 10 Discovery Server 1 on port 80OO. 
-j Calling Client sends DUDP.START packet to Discovery Server 2 on port 8000. 




Calling client creates a MESSAGE_CONTROL with info contained in 
DUDP_PUBINFO response, and sends to Called client 




| Called Client sends DUDP_START packet to Discovery Server 1 on port 8000. j 

I 

| Called Client sends DUDP_START packet to Discovery Server 2 on port 8000. | - 




Calling Client sends DUDP ACK packets to the port identified in Called Client's 
MESSAGE.CONTROL 




Called Client creates a MESSAGE CONTROL with info contained in 




DUDP PUBINFO response, and sends to Calling Client 








Upon successful marking of a port, Calling Client begins 
transmission of outbound RTP using marked port as destination. 



Upon successful marking of a port, Called Client begins 
amission of outbound RTP using marked port as destination. 



transmission 



Figure 7: Flowchart of Discovery, Message Exchange, and Shotgun process 
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If UPnP is available, attempt to map port 8000 on the external firewall. 



Calling Client sends OUDP_START packet to Discovery Server 1 on port 8000. 
Calling Client sends DUDP_START packet to Discovery Server 2 on port 8000. 




Calling client creates a MESSAGE_CONTROL with info contained in 
DUDP_PUBINFO response, and sends to Called client 




If UPnP is available, attempt to map port 8000 on the external firewall. 

I 

Called Client sends DUDP_START packet to Discovery Server 1 on port 8000. 



Called Client sends DUDP_START packet to Discovery Server 2 on port 8000. 



Calling Client sends DUDP_ACK packets to the port range surrounding the port 
identified in Called Client's MESSAGE_CONTROL 







Mark port identified in 
MESSAGE.CONTROL 



Mark port 
source port 
DUDP 
DUDP 


dentified in 
of inbound 
ACKor 
ACK2 






Send DUDP_ACK2 to 
Called Client via marked 
port 



Upon successful marking of a port, Calling Client begins 
transmission of outbound RTP using marked port as destination. 



Called Client creates a MESSAGE_CONTROL with info contained in 
DUDP_PUBINFO response, and sends to Calling Client 



Called Client sends DUDP ACK packets to the port identified in Calling Client's 
MESSAGE_CONTROL 




Called Client sends DUDP ACK packets to the port range surrounding the port 
identified in Calling Client's MESSAGE_CONTROL 




Mark port identified in 
source port of inbound 
DUDP_ACKor 
DUDP ACK2 



Mark port identified in 
MESSAGE CONTROL 



Send DUDP_ACK2 to 
Calling Client via marked 
port 



Upon successful marking of a port, Called Client begins 
transmission of outbound RTP using marked port as destination. 



Figure 8: Flowchart of Discovery, Message Exchange, and Shotgun process, including UPnP 
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IS the specification filed herewith with title as listed above. 
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□ the patent identified above. 



If the rights held by the above-identified small business concern are not exclusive, each individual, concern or 
organization having rights to the invention is listed on the next page and no rights to the invention are held by any 
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concern which would not qualify as a small business concern under 37 CFR 1 .9(d) or a nonprofit organization under 
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JS no such person, concern or organization exists. 

□ each such person, concern or organization is listed below. 
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□ Individual 



Q Small Business Concern 



□ Nonprofit Organizat/c 



a Individual 
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O Individual 
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